Eight topics to consider when choosing cyber insurance

Cyberattacks continue to set new records, prompting chief information security officers (CISOs) and business leaders to focus on how to protect their businesses.

Cyber insurance, including real-time support and reimbursement, has become an important part of corporate security.

Given the complexities, CISOs should enter into such contracts with their eyes open and ask prospective insurers probing questions about whether they can deliver on their promises with readily available, guaranteed support.

Here are eight topics to discuss with a prospective cyber insurance company:

  • Sponsors: Ask if the vendor partners provide comprehensive support, such as IT technology and maintenance, legal, public relations and credit management in all areas where the insurer operates. It is very common to find errors in the law when it comes to affiliate marketing. Not everything is fully explained in the process. If there is a disagreement, ask the insurance company if they can pre-authorize other specialists.
  • Help page: Another common difference involves IT support. While IT teams can restore remote systems, it’s not always a case of remote customization. Sometimes they may need to connect computers. Whether it’s a small business without an IT department or a large company with many computers, all companies need on-site support, so ask about its availability.
  • Special machines: When an organization has unique systems, for example, patient information systems in healthcare, the company that developed them is often the one to support them. This raises another important question: can such companies be pre-approved in the insurance contract to allow the insurer to advise them if necessary without the insurance’s other permission?
  • Employment Agreement: Companies looking for cyber insurance should also do their due diligence around pre-agreed SLAs. For example, an insurance company may pre-approve a law firm to form an insurance group, but not agree on their hourly rates or response time. Without this there is no obligation to the company to respond to the insurance within any period. This raises the question: do contracts exist between insurance companies and group sellers? If not, can they be changed and, if so, how often?
  • Additional words: The Blackbaud system breach in 2020 brought to light the need for additional clauses in group sales contracts. Blackbaud has been plagued for months, leaving its customers around the world in need of legal help, prompting a massive search for lawyers. Likewise, the 2021 Microsoft Exchange Server data breach created a huge demand for IT legal experts. Surge’s documentation ensures access to the professional services needed by insurance customers. Without them, companies would have a hard time finding a company that can help with big events. It is important to ask if the insurance has an additional part.
  • Requirements: Insurance buyers should also remember that not all claim groups are created equal. They need to know, in the event of an incident, if they can notify their insurer via regular email, or a 24/7/365 incident response number to arrange immediate assistance. This goes back to SLAs that specify response times. Ask if there are triggers built into the SLA that can speed up the insurance integration process, for example, to get the ransom paid faster? Furthermore, what is the insurance’s SLA for the redemption period? Where claims departments are not solely dedicated to cyber, it is very difficult to match the knowledge, experience and commitment found in dedicated cyber teams. Smaller parties often need outside legal advice to implement their offers, which slows down negotiations. Dedicated teams can provide assurance to their customers very quickly. Find out if the insurer has a dedicated cyber claims team and how experienced they are.
  • Ransomware: If a ransom is required, will the policyholder pay the money to the seller, or will the policyholder pay it directly to the seller or to the insurer? The answer to this will affect the flow of insurance money and/or the speed at which the ransom is paid. The shock of receiving a ransom can overwhelm management teams. The more they know about the process and think about how to respond on demand, the lower their blood pressure and the less likely they are to make a mistake, allowing them to focus on the process to solve the problem quickly.
  • Business Disruption: BI claims continue to take longer than they should, often due to a lack of clarity about what an insurance company needs to assess an insured loss. Ask about the BI assessment process and, more importantly, what information the insurer needs to assess the loss quickly and accurately.

When shopping for cyber insurance, asking these questions can be the difference between a quick recovery and permanent disruption. Insurance consulting can build the confidence that customers want and reduce the likelihood that buyers will learn about the downside of a real cyber incident.

Luke Johnson, claims manager, cyber risk, Canopus